MiracleLinux 9 : tbb-2020.3-8.el9_5.1 (AXSA:2025-9628:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9628:01 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block...
CVE-2024-30300
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability CWE-200 that could lead to privilege escalation. An attacker could exploit this vulnerability to gain access to sensitive information which may include system or user...
CVE-2024-30299
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application...
PT-2024-4226 · Adobe · Framemaker Publishing Server
Name of the Vulnerable Software and Affected Versions: Adobe FrameMaker Publishing Server versions 2020.3, 2022.2 and earlier Description: The issue is related to insufficient protection of internal data, which could allow a remote attacker to elevate their privileges. An attacker could exploit...
PT-2023-31552 · Unknown +1 · Zed! For Mac +5
Name of the Vulnerable Software and Affected Versions: ZED! for Windows versions before Q.2020.3 through Q.2021.2 ZONECENTRAL for Windows versions before Q.2021.2 through 2023.5 ZEDMAIL for Windows versions before 2023.5 ZED! for Windows, Mac, Linux versions before 2023.5 Description: The issue...
CVE-2021-23923
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users...
CVE-2021-23921
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements...
CVE-2021-23925
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting XSS vulnerability in entries of type Document...
CVE-2021-23924
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files...
Devolutions Server Cross-Site Scripting Vulnerability
Devolutions Server is a local management solution that helps organizations control access to privileged accounts and business user passwords. A cross-site scripting vulnerability exists in Devolutions Server versions prior to 2020.3 in entries of type "Document", which can be exploited by an...
Devolutions Server Log Information Disclosure Vulnerability
Devolutions Server is a local management solution that helps organizations control access to privileged accounts and business user passwords. An information disclosure vulnerability exists in Devolutions Server versions prior to 2020.3, which can be exploited by an attacker to obtain sensitive...
Devolutions Server Authorization Issue Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. An authorization issue vulnerability exists in Devolutions Server versions prior to 2020.3 that stems from broken authentication for Windows domain users. ...
CVE-2021-25764
In JetBrains PhpStorm before 2020.3, source code could be added to debug logs...
JetBrains PhpStorm Security Vulnerability
JetBrains PhpStorm is an application from the Czech JetBrains company. It provides an application for writing code. A security vulnerability exists in JetBrains PhpStorm before 2020.3, which originates from code that can be added to the debug log...
CuteNews 2.1.2 Shell Upload
! /usr/bin/env python3 Exploit Title: CuteNews 2.1.2 - Avatar upload RCE Authenticated Exploit Author: Mayank Deshmukh Date: 2021-03-17 Vendor Homepage: https://cutephp.com/ Software Link: https://cutephp.com/click.php?cutenewslatest Version: 2.1.2 CVE: CVE-2019-11447 CVE Reference:...
JetBrains IntelliJ IDEA Code Issue Vulnerability
JetBrains IntelliJ IDEA is an integrated development environment for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2020.3. The vulnerability stems from a workspace model where deserialization could lead t...
Taskcafe 0.1.0 / 0.1.1 Cross Origin Resource Sharing
Exploit Title: Taskcafé 0.1.0 and 0.1.1 - Cross-Origin Resource Sharing Date: 2020-09-02 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://github.com/JordanKnott/ Software Link: https://github.com/JordanKnott/taskcafe Version: 0.1.0 and 0.1.1 Tested on: Kali Linux 2020.3 POC: The web...
CVE-2020-24566
In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then under certain circumstances the account password is exposed in...
UPDATE: Kali Linux 2020.3 Release
Kali Linux 2020.3 was released a couple of days ago and this post makes an attempt at understanding the changes in this release. Briefly, the latest version of Kali Linux includes the release of Win-Kex, better HiDPI support, and standard tool and kernel updates. This is the list of changes since Kali...